elpatron/internxt-webdav
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
262cffe4a61833d9f8f7e6e7847c699a4483599c
internxt-webdav/docs/browser-token-auth.md
elpatron 262cffe4a6 Translate all user-facing output to English 
- Scripts: start-webdav.cmd, stop-webdav.cmd (echo messages, REM comments)
- Server: server.js (console.log, HTTP error messages)
- Token tools: token-test.js, token-refresh.js
- Other: auth-poc.js, debug-name-decrypt.js, internxt-client.js, upload.js
- Docs: README, .env.example, docs/*.md

Made-with: Cursor
2026-02-28 16:37:28 +01:00

5.6 KiB
Raw Blame History

Browser Token Authentication (Approach B)

Since API login is blocked for your account type, you can log in via the browser and use the session data for the WebDAV wrapper.

Flow

  1. Log in at https://drive.internxt.com
  2. Extract token and mnemonic from the browser
  3. Add to .env
  4. Start WebDAV server

Extracting Tokens

Step 1: Show all stored keys

Be logged in at https://drive.internxt.com. DevTools (F12) → Console:

// Show all localStorage keys
Object.keys(localStorage).filter(k => k.includes('x') || k.includes('token') || k.includes('Token')).forEach(k => console.log(k));

This shows which keys exist (e.g. xNewToken, xMnemonic, xUser).

Step 2: Read token and mnemonic

// Display token and mnemonic
console.log('Token:', localStorage.getItem('xNewToken') || localStorage.getItem('xToken') || '(not found)');
console.log('Mnemonic:', localStorage.getItem('xMnemonic') || '(not found)');

Step 3: If nothing is found

  • Check Application tab: DevTools → Application (or Storage) → Local Storage → select https://drive.internxt.com. Inspect all entries.
  • Correct URL: You must be on https://drive.internxt.com (not internxt.com) and logged in after login, on /drive or /app.
  • Session vs Local: Some values may be in sessionStorage. Test with: 
    console.log('sessionStorage:', Object.keys(sessionStorage));
  • Show all keys: For debugging, list all keys with values: 
    for (let i = 0; i < localStorage.length; i++) {
  const k = localStorage.key(i);
  console.log(k + ':', localStorage.getItem(k)?.substring(0, 50) + '...');
}

Add to .env

INXT_TOKEN=eyJhbGciOiJIUzI1NiIs...
INXT_MNEMONIC=word1 word2 word3 ...
# Name decryption: CRYPTO_SECRET or CRYPTO_SECRET2 (CLI default: 6KYQBP847D4ATSFA)
CRYPTO_SECRET=6KYQBP847D4ATSFA
# Optional: Enforce WebDAV credentials (otherwise any credentials accepted)
# WEBDAV_USER=backup
# WEBDAV_PASS=secret

Duplicati Pre/Post Scripts (optional)

If the WebDAV server does not run permanently, Duplicati can start it before backup and stop it after:

Script Duplicati setting Path
Start Run before backup scripts\start-webdav.cmd
Stop Run after backup scripts\stop-webdav.cmd

Settings → Advanced → Scripts enter full path, e.g.:

C:\Path\to\internxt-webdav\scripts\start-webdav.cmd
C:\Path\to\internxt-webdav\scripts\stop-webdav.cmd

Optional port as argument (default: 3005):

C:\Path\to\internxt-webdav\scripts\start-webdav.cmd 8080
C:\Path\to\internxt-webdav\scripts\stop-webdav.cmd 8080

The server starts in the background and is ready after ~5 seconds.

Restic + rclone

restic -r rclone:internxt-webdav:repo-name init

The server creates missing folders recursively (MKCOL). On 500 errors: check server log (PUT Fehler:), renew token with npm run token-refresh.

Restic "object not found" / 500

  1. Check port: rclone URL must match server port exactly. If console shows e.g. http://127.0.0.1:3010, set url = http://127.0.0.1:3010 in rclone.
  2. Single server only: Stop npm start (Ctrl+C), then use only scripts\start-webdav.cmd otherwise an old process may respond.
  3. rclone config: rclone config → Remote internxt-webdavurl = http://127.0.0.1:PORT (PORT from server startup).
  4. Logs: Set WEBDAV_LOG=debug in .env, restart server, then check logs\webdav-errors.log and logs\webdav-debug.log.

WebDAV Credentials (for Duplicati, Explorer)

The server expects Basic Auth. Without WEBDAV_USER/WEBDAV_PASS in .env, it accepts any credentials you can use e.g. username backup and password secret in Duplicati. With WEBDAV_USER and WEBDAV_PASS set, only those credentials are accepted.

Start WebDAV Server

npm start

Server runs at http://127.0.0.1:3005. Phase 14 active: PROPFIND, MKCOL, DELETE, MOVE, GET, PUT. INXT_MNEMONIC required for GET and PUT.

PowerShell Copy-Item: "Null character in path"

Windows/.NET sometimes adds null bytes to WebDAV paths. Workaround:

# Option 1: Direct HTTP (bypasses WebDAV bugs, use UUID from dir i:)
Invoke-WebRequest -Uri "http://127.0.0.1:3005/_.69942103-e16f-4714-89bb-9f9f7d3b1bd5" -OutFile test.md

# Upload via PUT (PowerShell)
Invoke-WebRequest -Uri "http://127.0.0.1:3005/my-file.txt" -Method PUT -Body "Content" -ContentType "application/octet-stream"

# Option 2: Robocopy (copy all files from root)
robocopy "i:\" "." /NFL /NDL

# Option 3: Explorer  drag & drop file
# Windows Explorer: Map network drive → http://127.0.0.1:3005

## Renew Token (on 401 / expired)

Tokens expire after some time (typically hours). On 401 errors or "Unauthorized":

### Option A: Automatic (Chromium)

```bash
npm run token-refresh

Opens a browser with drive.internxt.com. Log in tokens are extracted and .env updated automatically. Restart server.

Option B: Manual

  1. Open https://drive.internxt.com and log in again
  2. Read token and mnemonic from Console as in Step 2 above
  3. Update .env with new values
  4. Restart WebDAV server

Notes

  • Bridge API: Download uses Internxt Bridge with x-api-version: 2 and headers internxt-version/internxt-client. Without these, Bridge returns 400.
  • Security: Mnemonic and token are highly sensitive. Do not commit to Git, keep .env in .gitignore.
  • Personal only: Tokens are bound to your session. This approach does not work for other users.
Reference in New Issue View Git Blame Copy Permalink